
Using AD Bridge

Operation and Usage
User Experience

 

  • The AD Bridge is not available for use while G Suite or Office 365 Directory Sync is enabled.
  • For organizations using Tags, Tags exhibit the same behavior as JumpCloud groups. This article uses only the term groups for clarity.
 

Operation and usage


 
The AD Bridge performs one-way synchronization of users and groups from Active Directory to JumpCloud. Synchronization runs at approximately 90-second intervals.
  • Required: A security group named "JumpCloud". This group must be a member of the default Users OU within Active Directory. A user or group must be a member of this group in order to synchronize.
  • Optional: A security group named "JumpCloud Admins". Any user that is a member of this group and also a member of the JumpCloud group will have Global Administrator permissions enabled within JumpCloud. This function does not support members of nested groups.
  • Once mirrored, AD-managed users and groups within JumpCloud can be bound to JumpCloud-managed resources such as Systems, RADIUS, LDAP, etc.

User Synchronization

JumpCloud mirrors the following data fields, which will be read-only in JumpCloud:
  • First and Last Name
  • Email address* - This value is obtained from either the E-mail field on the General tab OR the User logon name from the Account tab of the user properties. If both values are populated the value on the General tab takes precedence.
  • Username*
*These fields are required to be populated in AD for synchronization to occur.  
 
Users will be deleted from JumpCloud and any data or resource bindings associated with the user will be lost under the following conditions:
  • Changing the User logon name in the Account tab of the User Properties window (a new user will be created with the new username; resource bindings are maintained in this case)
  • Disabling the user in AD
  • Removing the user from the JumpCloud group
 

Groups Synchronization

  • Groups that are members of the JumpCloud group will be mirrored to the JumpCloud directory. Users that are members of these groups will be mirrored and bound to the group.
  • Nested groups will be traversed recursively and their structure will be flattened. E.g., in AD, Group1 is a member of JumpCloud with members User1, User2 and Group2. Group2 is a member of Group1 and contains members User3 and User4. In JumpCloud, Group2 will be mirrored and have User3 and User4 bound. Group1 will be mirrored and have User1, User2, User3 and User4 bound.
  • JumpCloud managed users may be bound to AD mirrored groups. Their membership will be unaffected by subsequent synchronizations. 
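The flattening and administrator rules above can be checked against a membership export before the JumpCloud group is populated. The following is an added example, not JumpCloud code: the directory data, the function names and the two assumptions marked in the comments are constructed for illustration.

```python
# Added example: models the sync rules described on this page.
# All group and user names below are constructed sample data.
AD_GROUPS = {  # group name -> direct members; any name that is a key is a group
    "JumpCloud": ["Group1", "User5"],
    "Group1": ["User1", "User2", "Group2"],
    "Group2": ["User3", "User4"],
    "JumpCloud Admins": ["User5", "User9", "Ops"],
    "Ops": ["User1"],  # nested inside the admin group
}


def flatten(group, groups, seen=None):
    """Return (users, nested_groups) reachable from `group`."""
    seen = {group} if seen is None else seen
    users, nested = set(), set()
    for member in groups.get(group, []):
        if member not in groups:
            users.add(member)
        elif member not in seen:  # AD permits circular nesting; visit once
            seen.add(member)
            sub_users, sub_nested = flatten(member, groups, seen)
            users |= sub_users
            nested |= {member} | sub_nested
    return users, nested


def predict_sync(groups, sync_group="JumpCloud", admin_group="JumpCloud Admins"):
    """Predict which users, groups and administrators a sync would produce."""
    users, mirrored = flatten(sync_group, groups)
    # Assumption: only users listed directly in the admin group count, since
    # the page says nested group members are not supported for this function.
    direct_admins = {m for m in groups.get(admin_group, []) if m not in groups}
    return {
        "users": sorted(users),
        "groups": {g: sorted(flatten(g, groups)[0]) for g in sorted(mirrored)},
        # Assumption: membership of the sync group may be direct or nested.
        "admins": sorted(direct_admins & users),
    }


if __name__ == "__main__":
    for key, value in predict_sync(AD_GROUPS).items():
        print(key, value)
```

In the sample data only User5 is predicted to receive Global Administrator permissions: User9 is not in the JumpCloud group, and User1 reaches "JumpCloud Admins" only through a nested group.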
 

Deactivate


You can temporarily disable AD Bridge operation by selecting "Deactivate" in the Active Directory tab of the Directories object. Deactivation will cease all synchronization between AD and JumpCloud and will allow G Suite or Office 365 to be enabled.
 

Service details


The agent is registered as a service to start automatically.
  • Display name: JumpCloud AD Bridge Agent
  • Service name: adint
  • Log located at c:\Windows\Temp\JumpCloud_AD_Integration.log
 

User Experience


 
  • As with users newly added to JumpCloud, when a user is added to the JumpCloud security group a "Welcome" email will be delivered to the email address of the identity.
  • All password changes for the user must be done on the Windows workstation or on a domain controller.  
  • Users will be unable to access any resources controlled by JumpCloud until they reset their password on their Windows workstation or on a domain controller.

 

 

Last Updated: Sep 18, 2017 12:07PM MDT
